The vulnerabilities endpoint should also return the respective advisor

Sometimes, e.g. in order to judge their quality, knowing the advisor for vulnerabilities is beneficial. The [existing endpoint](https://eclipse-apoapsis.github.io/ort-server/api/get-vulnerabilities-by-run-id) should be extended to support that.